package space.luminic.budgerapp.configs

import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.config.web.server.SecurityWebFiltersOrder
import org.springframework.security.config.web.server.ServerHttpSecurity
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
import org.springframework.security.crypto.password.PasswordEncoder
import org.springframework.security.web.server.SecurityWebFilterChain
import space.luminic.budgerapp.controllers.CustomAuthenticationEntryPoint
import space.luminic.budgerapp.services.AuthService

/**
 * Reactive (WebFlux) Spring Security configuration: the filter chain, the password encoder
 * and the CORS policy.
 *
 * NOTE(review): [authService] is injected but not referenced anywhere in this class.
 */
@Configuration
class SecurityConfig(
    private val authService: AuthService
) {
    /**
     * Builds the security filter chain.
     *
     * Only `POST /auth/login` and everything under `/actuator/` are open; every other exchange
     * must be authenticated. [bearerTokenFilter] is installed at the AUTHENTICATION position.
     *
     * NOTE(review): [customAuthenticationEntryPoint] is injected but never wired into the
     * chain here, so unauthenticated requests get the framework's default handling. If it is
     * meant to shape the 401 response, it presumably belongs in an exception-handling
     * customizer — confirm the intent.
     */
    @Bean
    fun securityWebFilterChain(
        http: ServerHttpSecurity,
        bearerTokenFilter: BearerTokenFilter,
        customAuthenticationEntryPoint: CustomAuthenticationEntryPoint
    ): SecurityWebFilterChain =
        http
            // CSRF protection is off. That is only safe while credentials travel in a request
            // header and never in a cookie; the CORS policy below sets allowCredentials = true,
            // so confirm that no cookie-based session or token is in use.
            .csrf { csrf -> csrf.disable() }
            .cors { cors -> cors.configurationSource(corsConfigurationSource()) }
            .logout { logout -> logout.disable() }
            .authorizeExchange { exchanges ->
                exchanges
                    .pathMatchers(HttpMethod.POST, "/auth/login").permitAll()
                    // NOTE(review): every actuator endpoint that is exposed over HTTP becomes
                    // reachable without authentication. Which endpoints are exposed is
                    // configured outside this file; unless that list is limited to health/info,
                    // narrow this matcher or require a role for the rest.
                    .pathMatchers("/actuator/**").permitAll()
                    .anyExchange().authenticated()
            }
            // Original author's note: BearerTokenFilter is intended only for authenticated
            // routes. addFilterAt itself does not scope the filter to particular paths, so any
            // skipping of the permitAll routes has to happen inside BearerTokenFilter (not
            // shown here) — verify.
            .addFilterAt(bearerTokenFilter, SecurityWebFiltersOrder.AUTHENTICATION)
            .build()

    /** Password hashing with BCrypt at the library's default strength. */
    @Bean
    fun passwordEncoder(): PasswordEncoder = BCryptPasswordEncoder()

    /**
     * CORS policy applied to every path.
     *
     * NOTE(review): the plain-HTTP localhost development origin is allowed together with
     * credentials in the same policy that serves production. Consider supplying the origin
     * list per profile so the development origin is absent from production builds.
     */
    @Bean
    fun corsConfigurationSource(): org.springframework.web.cors.reactive.CorsConfigurationSource {
        val policy = org.springframework.web.cors.CorsConfiguration().apply {
            // Allowed origins.
            allowedOrigins = listOf("https://luminic.space", "http://localhost:5173")
            allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH")
            allowedHeaders = listOf("*")
            allowCredentials = true
        }
        return org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource().apply {
            registerCorsConfiguration("/**", policy)
        }
    }
}